Owasp Zap Testing rest api

rest api testing owasp zap
12,233

The short answer is yes. The long answer - it's complicated :)

Testing REST API is a bit harder than testing web API - you'll have to give Zap information about your API - which endpoints it has, parameters, etc. Can you share more about you're API? Does it have OpenAPI/Swagger document? Do you have existing tests? You can use either one of those for this task.

I gave a talk about how this can be achieved - you can find the recording here.

Share:
12,233
Сергей
Author by

Сергей

Изобретатель велосипедов, строитель костылей.

Updated on June 04, 2022

Comments

  • Сергей
    Сергей almost 2 years

    Is that possible to testing rest-api via OWASP ZAP ? Url to attack worked just for GET requests.

    enter image description here

    For example, my api controllers work with only token. I have TokenController and this controller require POST data via JSON data include password and login. Can I someway testing this controller via OWASP ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

RESTful API Testbed with Swagger
Automated testing for REST Api
GUI frontend for cURL for testing an API
Needed advice to automate REST services test
Updating Value From API in a constructor flutter
How to access COWIN APIs?
In Flutter how I can fetch data inside a JASON with API and GetX
Flutter REST API Security
Prevent untrusted clients to use login/register endpoints of REST API
Error: Request failed with status code 400 - AXIOS NODEJS